program: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket(0x2a, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x2, '\x00', r4, r7, 0x0, 0x1, 0x3}, 0x50) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=@newtfilter={0x58, 0x2c, 0xd27, 0x10, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x8, 0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0x2c, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x9, 0x4, 0x0, 0x6fb, 0x8, 0xfcf, 0x7, 0x1}}, @TCA_U32_INDEV={0x14, 0x8, 'team_slave_1\x00'}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000001}, 0xc004) [ 75.433331][ T4685] Bluetooth: hci0: command tx timeout [ 75.521547][ T5338] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 75.524990][ T5338] #PF: supervisor instruction fetch in kernel mode [ 75.527596][ T5338] #PF: error_code(0x0010) - not-present page [ 75.530095][ T5338] PGD 0 P4D 0 [ 75.531568][ T5338] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 75.533946][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.537825][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.542321][ T5338] RIP: 0010:0x0 [ 75.543795][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.546841][ T5338] RSP: 0018:ffffc9000ad1f958 EFLAGS: 00010287 [ 75.549445][ T5338] RAX: ffffffff81fbd4f4 RBX: 1ffffd40002acae0 RCX: 0000000000100000 [ 75.552512][ T5338] RDX: ffffc90020c31000 RSI: ffffea0001565700 RDI: ffff8880416ce700 [ 75.556109][ T5338] RBP: ffffc9000ad1fa18 R08: ffffea0001565707 R09: 1ffffd40002acae0 [ 75.559656][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.563040][ T5338] R13: ffffea0001565708 R14: ffffea0001565700 R15: 1ffffd40002acae1 [ 75.566699][ T5338] FS: 00007f36bb7bc6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.570547][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.573321][ T5338] CR2: ffffffffffffffd6 CR3: 0000000011b43000 CR4: 0000000000352ef0 [ 75.576667][ T5338] Call Trace: [ 75.578095][ T5338] [ 75.579282][ T5338] filemap_read_folio+0x117/0x380 [ 75.581345][ T5338] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.583673][ T5338] do_read_cache_folio+0x358/0x590 [ 75.585837][ T5338] freader_get_folio+0x3c7/0x830 [ 75.588063][ T5338] freader_fetch+0xa3/0x750 [ 75.589944][ T5338] __build_id_parse+0x133/0x7d0 [ 75.591818][ T5338] ? __pfx___build_id_parse+0x10/0x10 [ 75.594107][ T5338] procfs_procmap_ioctl+0x76f/0xce0 [ 75.596314][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.598656][ T5338] ? __fget_files+0x2a/0x420 [ 75.600678][ T5338] ? __fget_files+0x2a/0x420 [ 75.602812][ T5338] ? __fget_files+0x3a0/0x420 [ 75.605057][ T5338] ? __fget_files+0x2a/0x420 [ 75.607132][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.609210][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.611606][ T5338] __se_sys_ioctl+0xfc/0x170 [ 75.613492][ T5338] do_syscall_64+0xec/0xf80 [ 75.615461][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.618293][ T5338] ? trace_irq_disable+0x37/0x100 [ 75.620548][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 75.622648][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.625302][ T5338] RIP: 0033:0x7f36ba98f7c9 [ 75.627719][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.636024][ T5338] RSP: 002b:00007f36bb7bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.639441][ T5338] RAX: ffffffffffffffda RBX: 00007f36babe5fa0 RCX: 00007f36ba98f7c9 [ 75.642374][ T5338] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 75.645634][ T5338] RBP: 00007f36baa13f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.648975][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.652493][ T5338] R13: 00007f36babe6038 R14: 00007f36babe5fa0 R15: 00007ffde6d28dd8 [ 75.655788][ T5338] [ 75.657145][ T5338] Modules linked in: [ 75.658905][ T5338] CR2: 0000000000000000 [ 75.660709][ T5338] ---[ end trace 0000000000000000 ]--- [ 75.663124][ T5338] RIP: 0010:0x0 [ 75.665014][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.668575][ T5338] RSP: 0018:ffffc9000ad1f958 EFLAGS: 00010287 [ 75.671451][ T5338] RAX: ffffffff81fbd4f4 RBX: 1ffffd40002acae0 RCX: 0000000000100000 [ 75.674823][ T5338] RDX: ffffc90020c31000 RSI: ffffea0001565700 RDI: ffff8880416ce700 [ 75.678589][ T5338] RBP: ffffc9000ad1fa18 R08: ffffea0001565707 R09: 1ffffd40002acae0 [ 75.682067][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.685656][ T5338] R13: ffffea0001565708 R14: ffffea0001565700 R15: 1ffffd40002acae1 [ 75.689146][ T5338] FS: 00007f36bb7bc6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.692913][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.696004][ T5338] CR2: ffffffffffffffd6 CR3: 0000000011b43000 CR4: 0000000000352ef0 [ 75.699639][ T5338] Kernel panic - not syncing: Fatal exception [ 75.702630][ T5338] Kernel Offset: disabled [ 75.704504][ T5338] Rebooting in 86400 seconds..